July 27, 2010

Introduction: Draft 1

A smart-phone is a device which unifies the func- tionality of a mobile phone device, a personal digital assistant (PDA) and a digital camera with the power of a PC. As these type of mobile devices such as the iPhone, Android or blackberry become increasingly powerful and important, attackers are increasingly targeting them in an attempt to obtain sensitive information. Most honeypot technologies in the past have yet to be ported over to mobile platforms. In addition, the closed nature of most of these devices also hinder the collection and analysis of such attacks. By constructing a suitable network for use in the collection of such data, attack vectors can be identified and explored further.

According to Gartner, samrt-phone sales are still on the rise. These devices which hold even more informa- tion than before; text messages, photos, music, contact information, browsing history, voice mail, e-mail are all at risk to being compromised when connecting to a network; telecom or otherwise due to background services enabled by default. Currently, Apple hold a 15 percent market share as of 2010 with an estimated 10 percent of those users using a jailbroken* phone. Services like OpenSSH and Apple Filing Protocol (AFP) can all be easily installed and easily accessible once a network connection is established. By utilising these type of services, telecom networks are no longer the only security threat. Many have long realised that as we bridge home networks, sensor networks and similar systems to the Internet for more flexible services, we also give opportunities to Internet based intrusions.

For example, in 2004, ”Cabir” was the first version of a network worm which propagated via mobile devices. This is especially alarming as these type of devices act as end-points between telecom and wireless networks and have the potential to launch large global scale distributed-deniel-of-service (DDoS) attacks crippling the telecom infrastructure i.e. attacks focused on critical call centers such as emergency services (999). These type of worms indicate the rate at which Internet security threats are becoming more prevalent towards smart- phone technologies and high-light the need to understand such attacks to ensure measures can be taken to mitigate the threat posed.

This paper aims to propose a methodology for creating an environment for a high-interactive honeypot which can be used to capture attacks focused on these types of devices. A high-interactive Honeypot is a trap set to detect and observe attempts at unauthorised use of information systems consisting of a device that appears to be part of a network but is in fact actually isolated, vulnerable and monitored. By taking this concept, and applying it to a smart-phone device, an experiment is conducted whereby the proposed system is built and the results or attacks are analysed. The results presented aim to bring attention to the dangers that Internet-ready smart-phones inherit and proposes recommendations to mitigate such attacks.

Navigation

Alan Neville

Alan Neville, Bio

Dia Guit. My name is Alan Neville. I am currently sitting a Masters (MS.c) programme in Dublin City University (DCU) focused around Security and Forensics in Computing. This blog has been created to host various bits and pieces I come across in relation to my thesis.